One of the pushbacks I get when I reiterate the importance of securing your online accounts relates to accounts people consider “unimportant”. When dealing with such an account, many feel that extra security measures are more hassle than they’re worth. As a result, they often use poor passwords, re-use passwords, fail to set up recovery mechanisms, and more.
My concern is twofold: accounts often become more important over time, and a breach of even a so-called “unimportant” account can still cause headaches in the future.
Then, of course, there are those who feel all their accounts are unimportant.
“I’m no target, I have no money”
To put it bluntly, this is flat out wrong.
When it comes to accounts associated with money — be they bank, PayPal, credit card, or other accounts — every account is a target. Even if you have no money and no credit, hackers can still use account access to perpetrate fraud, credit scams, and more, all in your name. If that happens, you may not find out until it’s much too late, leaving you with a mess to clean up.
The same is true for shopping accounts. Once again, even without money “on file” or an associated payment method, scammers can still cause you grief by using those accounts for various forms of fraud and mayhem.
Filthy rich or dirt poor, your accounts are valuable to scammers for a variety of reasons, all of which will impact you negatively should the worst happen.
“I don’t use this account for anything important”
I hear this associated with secondary email accounts that people set up to stem the flow of marketing or spam headed to their primary, more private account.
Once again, it doesn’t matter what you use the account for; spammers want it. In fact, they want it dearly. They want access to your contacts so their spam and scams are more likely to be opened by the recipients: the people who know and trust you. If you’re using this as an alternate email account, they want access so they can compromise your primary one.
Once an email account — any email account — has been compromised and spammers get hold, it’s your reputation that takes a hit, and it’s your mess to clean up.
I often hear the excuse “well, if it’s ever compromised, I’ll just walk away from it.” All I can say is, good luck with that. It’s a good bet you have, in fact, used this “unimportant” account for something that will require you to keep control of it. Unfortunately, there’s also a good chance that you won’t realize that until it’s much too late — the account’s long gone, and now you need it for something you didn’t realize was important.
Importance grows over time
It’s possible that an account truly is unimportant at first. If it gets compromised in that initial period, perhaps the ramifications are small. It’s annoying to have even an unimportant account get hacked, but typically not more than that: an annoyance.
Setting aside for a moment that many folks’ idea of “unimportant” is simply wrong, the other thing that happens is that the longer we hold an account, and the more we use it and rely on it, the more important it becomes.
My Hotmail account, for example, was originally and for many years a truly unimportant throw-away account. It was something I set up to experiment with Hotmail shortly after Microsoft purchased it.
Today, it’s one of my most important accounts: it’s my Microsoft account, used for logging into several of my Windows 10 computers.
The longer you have an account, and the more you use it, the more important it becomes. If, however, you treated it as unimportant when you set it up, it’s likely you didn’t set up the associated recovery and security information that will allow you to regain access to the account — and to everything for which it’s the gateway — should it ever be compromised.
There’s no real excuse
Honestly, there’s no real excuse not to do at least the bare minimum to secure any account, no matter how “unimportant” you think it may be today.
- Set a strong, unique password. 12 characters minimum, with random characters preferred, used nowhere else.
- Set recovery info. Be it a phone number, an alternate email address, or something else, set it and keep it up to date.
Really, that’s the bare minimum, and it’s just not that hard. Using a password vault lets me quickly assign random 20-character passwords to every account I create these days. There’s just no reason not to.
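The bare-minimum checklist above, applied to a list of accounts, as an added example that is not part of the original article. The inventory layout (`name`, `password`, `recovery`) and the sample entries are assumptions made up for illustration; the 12-character minimum and 20-character generated length are the figures given above.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 12        # minimum length stated in the checklist
GENERATED_LENGTH = 20  # length of the vault-generated passwords mentioned above
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=GENERATED_LENGTH):
    """Return a random password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def audit(accounts):
    """Return {account name: [problems]} for accounts that miss the bare minimum.

    `accounts` is a list of dicts with keys name, password, recovery
    (a hypothetical inventory layout, e.g. built from a vault export).
    """
    # Group account names by password so re-use shows up regardless of order.
    by_password = defaultdict(list)
    for acct in accounts:
        by_password[acct["password"]].append(acct["name"])

    findings = {}
    for acct in accounts:
        problems = []
        if len(acct["password"]) < MIN_LENGTH:
            problems.append(f"password shorter than {MIN_LENGTH} characters")
        shared = [n for n in by_password[acct["password"]] if n != acct["name"]]
        if shared:
            problems.append("password re-used on: " + ", ".join(sorted(shared)))
        if not (acct.get("recovery") or "").strip():
            problems.append("no recovery info set")
        if problems:
            findings[acct["name"]] = problems
    return findings


# Constructed sample inventory; names and values are made up for illustration.
SAMPLE = [
    {"name": "bank", "password": generate_password(), "recovery": "+1-555-0100"},
    {"name": "throwaway-mail", "password": "summer2019", "recovery": ""},
    {"name": "forum", "password": "summer2019", "recovery": "me@example.com"},
]

if __name__ == "__main__":
    for name, problems in audit(SAMPLE).items():
        print(f"{name}: " + "; ".join(problems))
```

The “throwaway” account fails all three checks, and its re-used password drags the forum account down with it.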
Before you dismiss the account you’re creating as “unimportant”, and before you assume that you’re just not a valuable target, think again. Every account is more important than you think it is, and everyone is a target, no matter what.
Take a few seconds at account creation time to protect yourself. Someday, you’ll be glad you did.